Security: Tighten DynamicLinker*, NativeLibrary and DynamicLibraryBundle access (2)

- Completes 23341a2df2d2ea36784a16fa1db8bc7385351a12

- Replace 'DynamicLinker' interface w/ well documented one

- All DynamicLinker methods are now considered secure, i.e.:
  - open/lookup and close utilize reference counting on handle via a hash map.

  - lookupSymbol(..) and close(..) impl. validate the passed library handle
    whether it's retrieved via open*.
    This is the fast path, not that expensive.

  - lookupSymbolGlobal(..) performs
    Check acccess of 'new RuntimePermission("loadLibrary.*")' if SecurityManager is installed.
    This is the slow path.

- DynamicLibraryBundleInfo now reflects the security requirements,
  i.e. whether priviledged access is needed.

1 files changed, 11 insertions, 0 deletions

diff --git a/src/java/com/jogamp/common/util/SecurityUtil.java b/src/java/com/jogamp/common/util/SecurityUtil.java
index 4d7aa5d..6b35c9c 100644
--- a/src/java/com/jogamp/common/util/SecurityUtil.java
+++ b/src/java/com/jogamp/common/util/SecurityUtil.java
@@ -142,6 +142,17 @@ public class SecurityUtil {
     }
     
     /**
+     * Throws an {@link SecurityException} if an installed {@link SecurityManager}
+     * does not permit to dynamically link to all libraries.
+     */
+    public static final void checkAllLinkPermission() throws SecurityException {
+        if( null != securityManager ) {
+            securityManager.checkPermission(allLinkPermission);
+        }
+    }
+    private static final RuntimePermission allLinkPermission = new RuntimePermission("loadLibrary.*");
+    
+    /**
      * @param clz
      * @return
      * @throws SecurityException if the caller has no permission to access the ProtectedDomain of the given class.